error: failed to commit transaction (invalid or corrupted package (PGP signature)) Errors occurred, no packages were upgraded.

Hi!
I'll start off with saying I'm not a Linux power-user by any means so bare with me as I might miss some thi

I have used Manjaro before but I reinstalled it because I tried the i3 version which hated my drivers no matter what.
After a week or two from my fresh install I have been unable to update my system via pacman -Syyu and now I have trouble installing other software as well.

I have tried following this guide https://bbs.archlinux.org/viewtopic.php?id=250481 but to no avail.
All I can find is there seems to be some problems with the keyrings but I cannot figure out how to solve it. Even if it's for arch I think it probably should work but maybe I need to tweak to Manjaro?

Some outputs that might be useful for you guys:

This is for example when I try to install gdb, but I get a similar error when trying to upgrade the entire system

$ sudo pacman -S gdb
[sudo] password for fridlund:
resolving dependencies...
looking for conflicting packages...

Packages (3) gdb-common-8.3.1-1  guile2.0-2.0.14-3  gdb-8.3.1-1

Total Download Size:    6,10 MiB
Total Installed Size:  21,31 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 guile2.0-2.0.14-...     2,3 MiB  2,42 MiB/s 00:01 [##########################] 100%
 gdb-common-8.3.1...    61,2 KiB  5,97 MiB/s 00:00 [##########################] 100%
 gdb-8.3.1-1-x86_64      3,8 MiB  3,57 MiB/s 00:01 [##########################] 100%
(3/3) checking keys in keyring                     [##########################] 100%
(3/3) checking package integrity                   [##########################] 100%
error: guile2.0: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust
:: File /var/cache/pacman/pkg/guile2.0-2.0.14-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb-common: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-common-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Output in the order of what they ask in the guide above:

 ~ pacman-key --list-keys eworm
gpg: Note: trustdb not writable
pub   rsa2048 2011-08-12 [SC]
      02FD1C7A934E614545849F19A6234074498E9CEE
uid           [ unknown] Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>
sub   rsa2048 2011-08-12 [E]
sub   ed25519 2019-08-29 [S]
sub   cv25519 2019-08-29 [E]
~ sudo gpg --homedir /etc/pacman.d/gnupg --fingerprint --fingerprint eworm
gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'
pub   rsa2048 2011-08-12 [SC]
      02FD 1C7A 934E 6145 4584  9F19 A623 4074 498E 9CEE
uid           [ unknown] Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>
sub   rsa2048 2011-08-12 [E]
      9269 AECC A0E1 AF21 1A78  5CFB 51F0 0134 67F1 E8BF
sub   ed25519 2019-08-29 [S]
      0429 897D E5F3 BDAC 537A  3069 6D42 BDD1 16E0 068F
sub   cv25519 2019-08-29 [E]
      BEEC 2D8D 85F4 CFC3 7B69  FE5F BCC3 A7D4 E4CE 4CE4
~ pacman -Q archlinux-keyring
archlinux-keyring 20191018-1
~ pacman -Q manjaro-keyring
manjaro-keyring 20190608-1

This apparently solved it for the user in their system but unfortunately not for me.

~ sudo pacman-key --refresh-keys
gpg: refreshing 25 keys from hkps://hkps.pool.sks-keyservers.net
gpg: key 7258734B41C31549: "David Runge <dvzrv@archlinux.org>" not changed
gpg: key 976AC6FA3B94FA10: "Jan de Groot <info@jandegrootict.nl>" not changed
gpg: key 39E4B877E62EB915: "Sven-Hendrik Haase <svenstaro@gmail.com>" not changed
gpg: key 9D893EC4DAAF9129: "Bruno Pagani <bruno.pagani@ens-lyon.org>" not changed
gpg: key 46F633CBB0EB4BF2: "Filipe Laíns (FFY00) <lains@archlinux.org>" not changed
gpg: key 51E8B148A9999C34: "Evangelos Foutras <evangelos@foutrelis.com>" not changed
gpg: key 94657AB20F2A092B: "Andreas Radke <andyrtr@archlinux.org>" not changed
gpg: key 06096A6AD1CEDDAC: "Laurent Carlier <lordheavym@gmail.com>" not changed
gpg: key AFF5D95098BC6FF5: "Maxime Gauduin <alucryd@alucryd.xyz>" not changed
gpg: key 4AC5588F941C2A25: "Antonio Rojas <arojas@archlinux.org>" not changed
gpg: key F22FB1D78A77AEAB: "Giancarlo Razzolini (grazzolini) <grazzolini@archlinux.org>" not changed
gpg: key B02854ED753E0F1F: "Anatol Pomozov <anatol.pomozov@gmail.com>" not changed
gpg: key A91764759326B440: "Lukas Fleischer <lfleischer@lfos.de>" not changed
gpg: key A5E9288C4FA415FA: "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" not changed
gpg: key FC1B547C8D8172C8: "Levente Polyak (anthraxx) <levente@leventepolyak.net>" not changed
gpg: key BBE43771487328A9: "Bartlomiej Piotrowski <b@bpiotrowski.pl>" not changed
gpg: key F99FFE0FEAE999BD: "Allan McRae <me@allanmcrae.com>" not changed
gpg: key CAA6A59611C7F07E: "Philip Müller (Called Little) <philm@manjaro.org>" not changed
gpg: key A6234074498E9CEE: 1 duplicate signature removed
gpg: key A6234074498E9CEE: 1 signature reordered
gpg: key A6234074498E9CEE: "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" not changed
gpg: key EEEEE2EEEE2EEEEE: "Gaetan Bisson <gaetan@fenua.org>" not changed
gpg: key CEE477135C5872B0: "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" not changed
gpg: key 7F2D434B9741E8AC: "Pierre Schmitz <pierre@archlinux.de>" not changed
gpg: key DAD3B211663CA268: "Bernhard Landauer <bernhard@manjaro.org>" not changed
gpg: key 786C63F330D7CB92: 28 signatures not checked due to missing keys
gpg: key 786C63F330D7CB92: "Felix Yan <felixonmars@archlinux.org>" not changed
gpg: Total number processed: 24
gpg:              unchanged: 24

As this is the output when I try to install gdb once again

 ~ sudo pacman -S gdb
resolving dependencies...
looking for conflicting packages...

Packages (3) gdb-common-8.3.1-1  guile2.0-2.0.14-3  gdb-8.3.1-1

Total Download Size:    6,10 MiB
Total Installed Size:  21,31 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 guile2.0-2.0.14-...     2,3 MiB  1054 KiB/s 00:02 [##########################] 100%
 gdb-common-8.3.1...    61,2 KiB  2,21 MiB/s 00:00 [##########################] 100%
 gdb-8.3.1-1-x86_64      3,8 MiB  1332 KiB/s 00:03 [##########################] 100%
(3/3) checking keys in keyring                     [##########################] 100%
(3/3) checking package integrity                   [##########################] 100%
error: guile2.0: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust
:: File /var/cache/pacman/pkg/guile2.0-2.0.14-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb-common: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-common-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I try to populate both archlinux and manjaro also but no progress.

~ sudo pacman-key --gpgdir /tmp/gnupg --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
  -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
  -> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
  -> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
  -> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
  -> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
  -> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
  -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
  -> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
  -> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
  -> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
  -> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
  -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
  -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
  -> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
  -> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
  -> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
  -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
  -> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
  -> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
  -> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
  -> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
  -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
  -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
  -> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
  -> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
  -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
  -> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
  -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
  -> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
  -> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
  -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
  -> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: next trustdb check due at 2020-01-22
➜  ~ sudo pacman-key --gpgdir /tmp/gnupg --populate manjaro
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key B4663188A692DB1E45A98EE95BD96CC4247B52CC...
  -> Locally signing key 76C6E477042BFE985CC220BD9C08A255442FAFF0...
  -> Locally signing key 7C89F4D439B2BFACF425107B62443D89B35859F8...
  -> Locally signing key 1E7908935AAB9A00D6B47503363DFFFD59152F77...
  -> Locally signing key 04BB537F5BC2D399BFA72F8F17C752B61B2F2E90...
  -> Locally signing key 5A97ED6B72418199F0C22B23137C934B5DCB998E...
  -> Locally signing key 75C1B95A4D9514A57EB2DAE71817DC63CD3B5DF5...
  -> Locally signing key 39F0EC1AE50B37E5F3196F09DAD3B211663CA268...
  -> Locally signing key 2D14560CDCE6A75BB186DB758238651DDF5E0594...
  -> Locally signing key 7A443CEE69B6B3777740E258084A7FC0035B1D49...
  -> Locally signing key F66AD0FF0E57C561615A0901CEE477135C5872B0...
  -> Locally signing key 35B4FF23EA9477582C2A0AF12B80869C5C0102A6...
  -> Locally signing key E4CDFE50A2DA85D58C8A8C70CAA6A59611C7F07E...
  -> Locally signing key 74C2F2CC05A0AB7D859839938934292D604F8BA2...
  -> Locally signing key 77DC01C9971AC3C39A0626F72C089F09AC97B894...
  -> Locally signing key 16DC688DF3EECC72323954237EC47C82A42D53A2...
  -> Locally signing key 2C688B52E3FC0144B7484BABE3B3F44AC45EE0AA...
  -> Locally signing key 22C903DE964E6FE321656E318DB9F8C18DF53602...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key 540DE7083B89314CF70EA6F0C1B1AD0DA80EBF3E...
  -> Disabling key FAA6840E8C3FC7F89BEE0DC8AC7AB10BCB6CDD17...
==> Updating trust database...
gpg: next trustdb check due at 2020-01-22

As I get this output afterwards when installing gdb

~ sudo pacman -S gdb
resolving dependencies...
looking for conflicting packages...

Packages (3) gdb-common-8.3.1-1  guile2.0-2.0.14-3  gdb-8.3.1-1

Total Download Size:    6,10 MiB
Total Installed Size:  21,31 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 guile2.0-2.0.14-...     2,3 MiB  1639 KiB/s 00:01 [##########################] 100%
 gdb-common-8.3.1...    61,2 KiB  3,51 MiB/s 00:00 [##########################] 100%
 gdb-8.3.1-1-x86_64      3,8 MiB  2,76 MiB/s 00:01 [##########################] 100%
(3/3) checking keys in keyring                     [##########################] 100%
(3/3) checking package integrity                   [##########################] 100%
error: guile2.0: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust
:: File /var/cache/pacman/pkg/guile2.0-2.0.14-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb-common: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-common-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gdb: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gdb-8.3.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I also tried this from another guide here on Manjaro Invalid or corrupted package (PGP signature) but to no avail once again.
(For me I had to do the --init before the update but I just pasted from the guide.

sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro 
sudo pacman-key --refresh-keys 
sudo pacman -Sc

Does anyone know what else I can try barring reinstalling my entire system?

Thanks

Please have a look at the following post. It seems to contain some options that you haven't tried yet:

Best of luck!

Thank you for your tips!
The following commands solved the problem.

sudo rm -fr /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro
sudo pacman-key --refresh-keys
sudo pacman -Syyu

As I wrote in my initial question I tried the following beforehand but did not work.

sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro 
sudo pacman-key --refresh-keys 
sudo pacman -Sc

Which is almost the same as the solution that worked but not exactly the same and the problem was probably that it said that I should do pacman -Sy earlier than possible.

4 Likes

i have tried all things you all had mentioned but nthing is working for me. commands just work fine but as soon as i enter sudo pacman -Syyu it shows same msg.

error: failed to commit transaction (invalid or corrupted package)

i have tried all commands.

Please create a new post since this one is already solved and you will run the risk of not getting proper attention to your issue. Doing so, post the whole terminal output of
sudo pacman -Syyu

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by